<?php
 

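/* Marker constant defined before the includes are loaded.
   NOTE(review): presumably the included files check IN_SCRIPT to refuse
   direct access - confirm against the *.inc.php files. */
define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hd_settings.inc.php');
/* The language file name comes from $hd_settings, not from the request. */
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');

/* Read the attachment ID from the query string.
   A missing parameter or an array value (?att_id[]=...) is passed on as null,
   so the validator always receives either a scalar or null and no
   undefined-index notice is raised.
   NOTE(review): hd_isNumber() is defined outside this file; it is assumed to
   stop the request with the given message when the value is not numeric -
   confirm, because the SQL lookup further down depends on it. */
$att_id_raw = (isset($_GET['att_id']) && is_scalar($_GET['att_id'])) ? $_GET['att_id'] : null;
$att_id = hd_isNumber($att_id_raw, $hdlang['id_not_valid']);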

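/* Connect to database */
require_once('inc/database.inc.php');
if (!hd_dbConnect()) {
    hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");
}

/* NOTE(review): nothing visible in this script ties the request to a session,
   a ticket or any other ownership check; the attachment is selected by its
   numeric ID alone. Unless one of the included files enforces access control,
   any requester who supplies a valid att_id receives the file. Confirm, and
   if not enforced elsewhere, require a per-ticket secret or a staff session
   before the lookup. */

/* Get attachment info.
   The ID is cast to int at the point of use so the query text can only ever
   contain digits, independent of what the validator returned. */
$sql = 'SELECT * FROM `hd_attachments` WHERE `att_id`=' . (int) $att_id . ' LIMIT 1';
$result = hd_dbQuery($sql);
if (!$result) {
    /* Keep the query text and the driver error in the server log only;
       echoing them to the requester discloses table and column names. */
    error_log('Attachment lookup failed: ' . mysql_error() . ' [' . $sql . ']');
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}

/* Exactly one row must match, otherwise the ID is treated as invalid. */
if (hd_dbNumRows($result) != 1) {
    hd_error($hdlang['id_not_valid'].' (att_id)');
}
$file = hd_dbFetchAssoc($result);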

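/* Resolve the stored file. basename() keeps the path inside the attachments
   directory even if the saved_name column ever holds a value with directory
   components. */
$att_path = $hd_settings['server_path'].'/attachments/'.basename($file['saved_name']);
if (!is_file($att_path) || !is_readable($att_path)) {
    /* Fail before any download header is sent, so a missing file yields the
       normal error page instead of PHP warnings inside the download body. */
    hd_error($hdlang['id_not_valid'].' (att_id)');
    exit; /* in case hd_error() returns */
}

/* real_name is presumably the name the uploader chose, so it is untrusted:
   drop any directory part, replace control characters, double quotes and
   backslashes, and send it as a quoted string so spaces or semicolons in the
   name cannot alter the header's parameters. */
$att_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file['real_name']));
if ($att_name === null || $att_name === '') {
    $att_name = 'attachment';
}

/* Send the file as an attachment to prevent malicious code from executing */
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
/* Stop browsers from sniffing the body and rendering it as HTML or script. */
header('X-Content-Type-Options: nosniff');
/* Use the size of the file on disk rather than the stored column, so the
   header always matches the bytes that are sent. */
header('Content-Length: ' . filesize($att_path));
header('Content-Disposition: attachment; filename="' . $att_name . '"');
readfile($att_path);

/* End the request here so nothing further is appended to the download. */
exit;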
?>
